It's become standard for many retailers to ask for personal details at checkout. Then there's online shopping, in which you have to turn over certain info. Among other things, stores want the information so they can shower you with catalogs and emails.

The problem is that you are trusting the stores to safeguard it. Criminals who steal your credit or debit card information can do more damage if they have your contact information. It's easier for them to commit fraud or even trick you into revealing more via fake emails, letters and phone calls.

Your information is "toxic" if it gets in the wrong hands, said Rob Shavell, CEO of Abine, a company whose software enhances privacy while shopping. "The more of it they store, the more it becomes a danger to the consumer and the business."

The idea behind Abine shows just how far wholesale data collection has gone. The service lets you create a shopping avatar -- with its own new phone number, address and credit card -- to create more distance between you and the retailer.

Grant, the consumer advocate, said there's a patchwork of state laws regarding mass data breaches, such as those that require companies to inform people when their privacy has been violated. She wants national laws that would limit how companies collect data in the first place, how long they keep it, and establish liability if they lose it.

"The stakes are much higher now," said John Simpson, a privacy advocate at Consumer Watchdog. "They claim they need all this data for legitimate business purposes. But if they're going to gather the data, that requires a level of cybersecurity a number of companies haven't been able to meet."